MODULAR ARITHMETIC, FLT, CRT, RSA 3

COMPUTER SCIENCE MENTORS 70

Week of February 18, 2018

1 Modular Arithmetic

1.1 Introduction

Modulus: Two numbers $a$ and $b$ are equivalent modulo $n$ if $n \mid (a - b)$; intuitively, if $a$
and $b$ have the same remainder when divided by $n$.
In this case, we write $a \equiv b \bmod n$.
Modular Arithmetic: All operations that work on integers also work the same way
when done under a fixed modulus n. Here are a few examples:

$(a + b) \bmod n \equiv (a \bmod n) + (b \bmod n)$

$(a \cdot b) \bmod n \equiv (a \bmod n) \cdot (b \bmod n)$

$(a^b) \bmod n \equiv \left((a \bmod n)^b\right) \bmod n$

Inverse: $a$ and $b$ are said to be multiplicative inverses mod $n$ if $a \cdot b \equiv 1 \bmod n$. In this
case, we write that $b \equiv a^{-1}$. When $n$ is prime, every number $a$ has a unique inverse.

1.2 Questions

1. What time will it be 1000 hours after midnight?


GROUP TUTORING HANDOUT: MODULAR ARITHMETIC, FLT, CRT, RSA

Solution: What this question is really asking is to find $1000 \pmod{24}$. Using our
formula for modulus, we have $1000 \pmod{24} = 1000 - 24 \cdot \lfloor 1000/24 \rfloor \equiv 1000 - 984 = 16$.
Thus, it will be 4 pm after 1000 hours.

2. What day of the week will it be 1000 days from Monday?

Solution: What this question is really asking is to find $1000 \pmod{7}$. Using our
formula for modulus, we have $1000 \pmod{7} = 1000 - 7 \cdot \lfloor 1000/7 \rfloor \equiv 1000 - 994 = 6$.
Thus, it will be Sunday after 1000 days.

3. What are the tens and units digits of $7^{1900}$?

Solution: Since we’re only looking for the tens and units digits, we can just find
$7^{1900} \bmod 100$, the remainder when $7^{1900}$ is divided by 100. We write down
the first few powers of 7 mod 100 and see that $7^4 = 2401 = 1 \pmod{100}$. So, $7^{1900}
\bmod 100 = 7^{4 \times 475} = 1^{475} = 1 \bmod 100$. So, our units digit is 1 and tens digit is 0.

4. What is $3^{71} \pmod{25}$?

Solution: For this solution, instead of trying to factor the exponent nicely, we’ll
use the approach of writing the exponent as a binary number and multiplying
together the corresponding exponents. Since we have $71 = 64 + 4 + 2 + 1$, we know
by the properties of exponents that $3^{71} = (3^{64})(3^4)(3^2)(3^1)$.
Putting each of these (mod 25), we get the following.
$3^1 = 3 \pmod{25}$
$3^2 = 3^2 = 9 \pmod{25}$
$3^4 = 9^2 = 81 \equiv 6 \pmod{25}$
$3^8 = 6^2 = 36 \equiv 11 \pmod{25}$
$3^{16} = 11^2 = 121 \equiv 21 \pmod{25}$
$3^{32} = 21^2 = 441 \equiv 16 \pmod{25}$
$3^{64} = 16^2 = 256 \equiv 6 \pmod{25}$
Thus we have:
$3^{71} \pmod{25} = (3^{64})(3^4)(3^2)(3^1) \pmod{25}$
$3^{71} \pmod{25} = 6 \cdot 6 \cdot 9 \cdot 3 \pmod{25}$
$3^{71} \pmod{25} = 972 \equiv 22$
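The binary-exponent method from this solution, as an added Python example (not part of the original handout): `modexp_trace` is a name chosen here, and it returns both the result and the table of repeated squares that the solution writes out by hand.

```python
def modexp_trace(base, exponent, modulus):
    """Right-to-left square-and-multiply.

    Returns (result, squares), where squares maps each power of two 2^i
    (up to the top bit of the exponent) to base^(2^i) mod modulus.
    """
    if modulus < 1 or exponent < 0:
        raise ValueError("need modulus >= 1 and exponent >= 0")
    result = 1 % modulus            # 1 % 1 == 0 covers modulus 1
    square = base % modulus         # base^(2^0)
    squares = {}
    bit = 1
    while exponent:
        squares[bit] = square
        if exponent & 1:            # this power of two appears in the exponent
            result = (result * square) % modulus
        square = (square * square) % modulus
        exponent >>= 1
        bit <<= 1
    return result, squares


if __name__ == "__main__":
    value, table = modexp_trace(3, 71, 25)
    for power, residue in table.items():
        print(f"3^{power} = {residue} (mod 25)")
    print("3^71 mod 25 =", value)
```

The `if exponent & 1` branch depends on the exponent's bits, which is why production RSA code uses constant-time exponentiation rather than a loop like this one when the exponent is secret.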

Computer Science Mentors CS70 Fall 2018:


5. Solve $2x = 3 \bmod 7$.

Solution: $2^{-1} \bmod 7 = 4$ so $x = 3(2^{-1}) = 12 = 5 \bmod 7$.

6. If $3 \cdot 7 = 1 \bmod n$, what are all possible values of $n$?

Solution: $a$ and $b$ are inverses mod $n$ if $ab \equiv 1 \pmod{n}$, so $ab - 1$ must be divisible
by $n$. Since $ab = 21$, $ab - 1 = 20$. Thus, $n$ must be 1, 2, 4, 5, 10, or 20. However, since
we have 7 on the left side, we know that $n > 7$, thus $n = 10$ or $n = 20$.

7. (Bonus) What is $7^{12^{15}} \pmod{29}$?

Solution: Challenging problem. Note that $7^2 \equiv 20 \bmod 29$, $7^4 \equiv 23 \bmod 29$, and
$7^8 \equiv 7 \bmod 29$. Since 29 is prime, we can divide both sides by 7 to get that $7^7 \equiv 1
\bmod 29$. Thus, we can take $12^{15} \bmod 7$ and use that as the exponent. $12^{15} \equiv 6
\bmod 7$, so $7^{12^{15}} \equiv 7^6 \equiv 23 \cdot 20 \equiv 25 \bmod 29$.

2 Euclid’s Algorithm

2.1 Questions

1. Using Euclid’s algorithm, what is the GCD of 1728 and 1024?

Solution: Applying Euclid’s Algorithm gives the following steps:


GCD(1728, 1024) = GCD(1024, 1728 mod 1024) = GCD(1024, 704)
GCD(1024, 704) = GCD(704, 1024 mod 704) = GCD(704, 320)
GCD(704, 320) = GCD(320, 704 mod 320) = GCD(320, 64)
GCD(320, 64) = GCD(64, 320 mod 64) = GCD(64, 0)
Thus, we have that the GCD of 1728 and 1024 is 64


3 Bijections

3.1 Introduction

1. Draw an example of each of the following situations:

a. One to one AND NOT onto (injective but not surjective)
b. Onto AND NOT one to one (surjective but not injective)
c. One to one AND onto (bijection, i.e. injective AND surjective)

Solution: (diagrams omitted)

2. Describe a function that is injective but not surjective and the set over which this
applies. How about a function that is surjective but not injective?

Solution: One example is $e^x : \mathbb{R} \to \mathbb{R}$, which is injective (one to one) but not surjective
(onto) because while all real numbers map to something, nothing will map to 0
and negative numbers.
Another example is $x^2 : \mathbb{R} \to \mathbb{R}^+$, which is surjective (onto) but not injective (one to one)
because while all positive real numbers have something mapping to them, 4 has
-2 and 2 mapping to it.

3.2 Questions

Note 1: $\mathbb{Z}_n$ denotes the integers mod $n$: $\{0, \ldots, n - 1\}$


Note 2: In the following questions, the appropriate modulus is taken after applying the
function.
1. Are the following functions bijections from $\mathbb{Z}_{12}$ to $\mathbb{Z}_{12}$?
a. $f(x) = 7x$

Solution: Yes: the mapping works. Since 7 is coprime to 12, there exists a
multiplicative inverse to 7 in $\mathbb{Z}_{12}$ ($7 \times 7 = 49 \bmod 12 = 1$, so $f^{-1}(x) = 7x$),
which only occurs if the function is a bijection.

b. $f(x) = 3x$

Solution: No. For example, $f(0) = f(4) = 0$.

c. $f(x) = x - 6$

Solution: Yes. It’s just $f(x) = x$, shifted by 6.

2. Are the following functions injections from $\mathbb{Z}_{12}$ to $\mathbb{Z}_{24}$?

a. $f(x) = 2x$

Solution: Yes: any two $f(x_1)$ and $f(x_2)$ will not equal each other as long as $x_1 \neq x_2$.

b. $f(x) = 6x$

Solution: No. For example, 0 and 4 both map to 0.

c. $f(x) = 2x + 4$

Solution: Yes. This is the same as part (a), except shifted.

3. Are the following functions surjections from $\mathbb{Z}_{12}$ to $\mathbb{Z}_6$? (Note that $\lfloor x \rfloor$ is the floor
operation on $x$.)
a. $f(x) = \lfloor x/2 \rfloor$


Solution: Yes; plug in every even number.

b. $f(x) = x$

Solution: Yes; plug in 0 through 5.

c. $f(x) = \lfloor x/4 \rfloor$

Solution: No; the largest value we can get is $f(12)$ which equals 3.

4. Why can we not have a surjection from $\mathbb{Z}_{12}$ to $\mathbb{Z}_{24}$ or an injection from $\mathbb{Z}_{12}$ to $\mathbb{Z}_6$?

Solution: Because there are more values in $\mathbb{Z}_{24}$ than $\mathbb{Z}_{12}$, it is impossible to cover
all the values in $\mathbb{Z}_{24}$ by mapping from $\mathbb{Z}_{12}$. Similarly, because there are more values
in $\mathbb{Z}_{12}$ than $\mathbb{Z}_6$, there are not enough unique elements in $\mathbb{Z}_6$ to assign one to every
element in $\mathbb{Z}_{12}$.


4 Fermat’s Little Theorem

4.1 Introduction

Fermat’s Little Theorem: For any prime $p$ and any $a \in \{1, 2, \ldots, p - 1\}$, we have $a^{p-1} \equiv 1
\bmod p$.
Proof: Claim: The function $a \cdot x \bmod p$ is a bijection where $x \in \{1, 2, \ldots, p - 1\}$.
The domain and range of the function are the same set, so it is enough to show that if
$x \neq x'$ then $a \cdot x \bmod p \neq a \cdot x' \bmod p$.
Assume that $a \cdot x \bmod p \equiv a \cdot x' \bmod p$.
Since $\gcd(a, p) = 1$, $a$ must have an inverse: $a^{-1} \pmod{p}$

$ax \bmod p \equiv ax' \bmod p$
$a^{-1} \cdot a \cdot x \bmod p \equiv a^{-1} \cdot a \cdot x' \bmod p$
$x \bmod p \equiv x' \bmod p$

This contradicts our assumption that $x \neq x' \bmod p$. Therefore the function is a bijection.
We want to use the above claim to show that $a^{p-1} \equiv 1 \bmod p$. Note that now we have
the following picture:

So if we multiply all elements in the domain together, this should equal the product of
all the elements in the image:

$1 \cdot 2 \cdot \ldots \cdot (p - 1) \bmod p \equiv (1a) \cdot (2a) \cdot \ldots \cdot ((p - 1)a) \bmod p$
$(p - 1)! \bmod p \equiv a^{p-1} \cdot (p - 1)! \bmod p$
$1 \equiv a^{p-1} \bmod p$

4.2 Questions

1. Find $3^{5000} \bmod 11$.

Solution:
$(3^{10})^{500} \bmod 11 = 1^{500} \bmod 11 = 1$.

2. Find $2^{20} + 3^{30} + 4^{40} + 5^{50} + 6^{60} \bmod 7$.

Solution: By FLT:
$2^6 \equiv 1 \bmod 7$
$3^6 \equiv 1 \bmod 7$
$4^6 \equiv 1 \bmod 7$
$5^6 \equiv 1 \bmod 7$
$6^6 \equiv 1 \bmod 7$
Apply the above facts to simplify each portion of the equation:

$2^{20} = 2^2 \cdot (2^6)^3 \to 2^{20} \bmod 7 \equiv 2^2 \bmod 7 \equiv 4 \bmod 7$
$3^{30} = (3^6)^5 \to 3^{30} \bmod 7 \equiv 1 \bmod 7$
$4^{40} = 4^4 \cdot (4^6)^6 \to 4^{40} \bmod 7 \equiv 4^4 \bmod 7 \equiv 4 \bmod 7$
$5^{50} = 5^2 \cdot (5^6)^8 \to 5^{50} \bmod 7 \equiv 5^2 \bmod 7 \equiv 4 \bmod 7$
$6^{60} = (6^6)^{10} \to 6^{60} \bmod 7 \equiv 1 \bmod 7$
$2^{20} + 3^{30} + 4^{40} + 5^{50} + 6^{60} \bmod 7 \equiv 4 + 1 + 4 + 4 + 1 \bmod 7
\equiv 14 \bmod 7 \equiv 0 \bmod 7$
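The exponent reduction used in these two solutions, as an added Python example (not part of the original handout; the function names are chosen here). It also covers a tower exponent such as the bonus 7^(12^15) mod 29 by reducing the inner power mod p - 1, a different route from the 7^7 ≡ 1 shortcut in that solution, and it refuses composite moduli, where the reduction is not valid.

```python
def is_prime(n):
    """Trial division; adequate for the small moduli in these exercises."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def flt_pow(a, k, p):
    """a^k mod p for prime p, shrinking k with a^(p-1) = 1 (mod p)."""
    if not is_prime(p):
        raise ValueError("FLT exponent reduction needs a prime modulus")
    if a % p == 0:                  # FLT says nothing about a = 0 (mod p)
        return 1 % p if k == 0 else 0
    return pow(a, k % (p - 1), p)


def flt_tower(a, b, c, p):
    """a^(b^c) mod p for prime p and b >= 1: reduce b^c mod p - 1 first."""
    if not is_prime(p):
        raise ValueError("FLT exponent reduction needs a prime modulus")
    if a % p == 0:
        return 0                    # b^c >= 1, so the power is 0 mod p
    return pow(a, pow(b, c, p - 1), p)


if __name__ == "__main__":
    print(flt_pow(3, 5000, 11))
    print([flt_pow(a, 10 * a, 7) for a in range(2, 7)])
    print(flt_tower(7, 12, 15, 29))
```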


5 Chinese Remainder Theorem

5.1 Introduction

Chinese Remainder Theorem: The Chinese Remainder theorem says that a sequence
of remainders with pairwise coprime divisors defines a unique remainder modulo the
product of those divisors. Formally, if $x$ can be expressed as

$x \equiv a_1 \pmod{m_1}$
$x \equiv a_2 \pmod{m_2}$

where $m_1$ and $m_2$ are relatively prime to each other, CRT tells us that there is a unique
number mod $m_1 m_2$ that satisfies this equation.
In simple cases, we can often use extended Euclid’s algorithm to find $x$. However, a
failsafe equation is given by:
$x = \sum_{i=1}^{k} a_i b_i \bmod N$, where $b_i$ are defined as $\left(\frac{N}{n_i}\right)\left(\frac{N}{n_i}\right)^{-1}_{\bmod n_i}$
and $N = n_1 \cdot n_2 \cdots n_k$.

5.2 Questions

1. Find an integer x such that x is congruent to 3 mod 4 and 5 mod 9.

Solution: We can express $x$ as:

$x \equiv 3 \bmod 4$
$x \equiv 5 \bmod 9$

where 4 and 9 are relatively prime to each other. We write the congruence with
the largest modulus as an equation, $x = 9t + 5$. We substitute into the other
congruence and solve for $t$. $9t + 5 \equiv 3 \bmod 4$, which means $9t \equiv 2 \bmod 4$ and $t \equiv 2
\bmod 4$. We write this congruence as an equation, $t = 4s + 2$, and substitute into
the equation for $x$. $x = 9(4s + 2) + 5 = 36s + 23$. So $x = 23 \bmod 36$ is the solution.
Note that $\mathrm{lcm}(4, 9) = 36$.

2. The supermarket has a lot of eggs, but the manager is not sure exactly how many he
has. When he splits the eggs into groups of 5, there are exactly 3 left. When he splits
the eggs into groups of 11, there are 6 left. What is the minimum number of eggs at
the supermarket?


Solution: We have that $x \equiv 3 \bmod 5$ and $x \equiv 6 \bmod 11$. We can use the Chinese
Remainder Theorem to solve for $x$.
Recall from the note on modular arithmetic, the solution to $x$ is defined as $x =
\sum_{i=1}^{k} a_i b_i \bmod N$, where $b_i$ are defined as $\left(\frac{N}{n_i}\right)\left(\frac{N}{n_i}\right)^{-1}_{\bmod n_i}$ and $N = n_1 \cdot n_2 \cdots n_k$.

In our case, $a_1 = 3$, $a_2 = 6$, $n_1 = 5$ and $n_2 = 11$.

$b_1 = \left(\frac{55}{5}\right)\left(\frac{55}{5}\right)^{-1}_{\bmod 5} = 11 \cdot 11^{-1}_{\bmod 5} = 11 \cdot 1 = 11$
$b_2 = \left(\frac{55}{11}\right)\left(\frac{55}{11}\right)^{-1}_{\bmod 11} = 5 \cdot 5^{-1}_{\bmod 11} = 5 \cdot 9 = 45$
Therefore, $x \equiv 3 \cdot 11 + 6 \cdot 45 \pmod{55} = 28$.
You can quickly verify that 28 indeed satisfies both conditions.
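The failsafe formula for any number of congruences, as an added Python example (not part of the original handout). `crt_weights` and `crt` are names chosen here; the inverse comes from Python 3.8+'s built-in `pow(x, -1, n)`, and moduli that are not pairwise coprime are rejected because the formula's inverses would not exist.

```python
from math import gcd, prod


def crt_weights(moduli):
    """The b_i of the formula: (N / n_i) * ((N / n_i)^-1 mod n_i)."""
    if not moduli:
        raise ValueError("need at least one modulus")
    for i, n_i in enumerate(moduli):
        for n_j in moduli[i + 1:]:
            if gcd(n_i, n_j) != 1:
                raise ValueError(f"moduli {n_i} and {n_j} are not coprime")
    N = prod(moduli)
    weights = []
    for n_i in moduli:
        partial = N // n_i                      # N / n_i
        weights.append(partial * pow(partial, -1, n_i))
    return weights


def crt(residues, moduli):
    """Return (x, N) with x = a_i (mod n_i) for every i and 0 <= x < N."""
    if len(residues) != len(moduli):
        raise ValueError("one residue per modulus is required")
    weights = crt_weights(moduli)
    N = prod(moduli)
    x = sum(a_i * b_i for a_i, b_i in zip(residues, weights))
    return x % N, N


if __name__ == "__main__":
    print(crt_weights([5, 11]))     # b_1 and b_2 from the egg problem
    print(crt([3, 6], [5, 11]))     # the egg problem
    print(crt([3, 5], [4, 9]))      # question 1
```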

3. (Bonus) Show that $n^7 - n$ is divisible by 42 for any integer $n$.

Solution: $42 = 7 \cdot 3 \cdot 2$; these factors are prime so we can apply FLT. We know
that:

$n^7 \equiv n \bmod 7$
$n^3 \equiv n \bmod 3$
$n^2 \equiv n \bmod 2$
We are interested in $n^7$ so let’s modify the bottom two equations to write $n^7$ in
mod 3 and mod 2.

$n^7 \equiv n^3 \cdot n^3 \cdot n \equiv n \cdot n \cdot n \equiv n^3 \equiv n \bmod 3$
$n^7 \equiv n \bmod 3$

$n^7 \equiv n^2 \cdot n^2 \cdot n^2 \cdot n \equiv n \cdot n \cdot n \cdot n \equiv n^2 \cdot n^2 \equiv n \cdot n \equiv n^2 \equiv n \bmod 2$
$n^7 \equiv n \bmod 2$
So now we have that:

$n^7 \equiv n \bmod 7$
$n^7 \equiv n \bmod 3$
$n^7 \equiv n \bmod 2$
By CRT, we can say that $n^7 \equiv n \bmod 7 \cdot 3 \cdot 2 \equiv n \bmod 42$.


6 RSA

6.1 Introduction

Main idea: Given two large primes, $p$ and $q$, and a message $x$ (an integer), find an
encryption function $E$ and a decryption function $D$ such that $D(E(x)) = x$. In other
words, two people can encrypt and decrypt a message if they know $E$ and $D$.
Mechanism:
$N = pq$
$E(x) = x^e \bmod N$
$D(x) = x^d \bmod N$, where $d = e^{-1} \bmod (p - 1)(q - 1)$
The pair $(N, e)$ is the recipient’s public key, and $d$ is the recipient’s private key. The
sender sends $E(x)$ to the recipient, and the recipient uses $D(x)$ to recover the original
message. The security of RSA relies on the assumption that given $N$, there is no
efficient algorithm to determine $(p - 1)(q - 1)$.

6.2 Questions

1. How does RSA work?


a. Alice wants to send Bob a message $m = 5$ using his public key $(n = 26, e = 11)$.
What cipher text $E(m)$ will Alice send?

Solution:

$5^1 = 5 \bmod 26$
$5^2 = 25 \bmod 26 = -1 \bmod 26$
$5^4 = (-1)^2 \bmod 26 = 1 \bmod 26$
$5^8 = 1 \bmod 26$
$5^{11} = 5^8 \cdot 5^2 \cdot 5^1 \bmod 26 = 1 \cdot (-1) \cdot 5 \bmod 26 = -5 \bmod 26 = 21 \bmod 26$

b. What is the value of $d$ (Bob’s private key) in this scheme? Note that traditional
RSA schemes use much larger prime numbers, so it’s harder to break $n$ down into
its prime factors than it is in this problem.

Solution: $n = 26 \to$ because $26 = pq$ and $p \neq a \cdot q$ for all $a$ within integers,
$p = 13$, $q = 2$
$d = e^{-1} \bmod (13 - 1)(2 - 1)$
$d = 11^{-1} \bmod 12$
$d = 11$
2. In RSA, if Alice wants to send a confidential message to Bob, she uses Bob’s public
key to encode it. Then Bob uses his private key to decode the message. Suppose that
Bob chose N = 77. And then Bob chose e = 3 so his public key is (3, 77). And then
Bob chose d = 26 so his private key is (26, 77).
Will this work for encoding and decoding messages? If not, where did Bob first go
wrong in the above sequence of steps and what is the consequence of that error? If it
does work, then show that it works.

Solution: $e$ should be co-prime to $(p - 1)(q - 1)$.
$e = 3$ is not co-prime to $(7 - 1)(11 - 1) = 60$, so this is incorrect, since $e$ does not
have an inverse mod 60.
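The key check Bob skipped, as an added Python example (not part of the original handout; all function names are chosen here). It reproduces question 1 with the toy key (n = 26, e = 11) and then goes one step past this solution by listing what breaks for N = 77, e = 3, d = 26: messages that do not survive a round trip and distinct messages that share a ciphertext.

```python
from math import gcd


def private_exponent(e, p, q):
    """d = e^-1 mod (p-1)(q-1); ValueError if e is not coprime to it."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError(f"e={e} shares a factor with (p-1)(q-1)={phi}")
    return pow(e, -1, phi)          # modular inverse, Python 3.8+


def encrypt(x, e, n):
    """E(x) = x^e mod N."""
    return pow(x, e, n)


def decrypt(y, d, n):
    """D(y) = y^d mod N."""
    return pow(y, d, n)


def roundtrip_failures(e, d, n):
    """Messages x in Z_n for which D(E(x)) != x."""
    return [x for x in range(n) if decrypt(encrypt(x, e, n), d, n) != x]


def colliding_messages(e, n):
    """Ciphertexts produced by more than one message, with those messages."""
    by_cipher = {}
    for x in range(n):
        by_cipher.setdefault(encrypt(x, e, n), []).append(x)
    return {c: xs for c, xs in by_cipher.items() if len(xs) > 1}


if __name__ == "__main__":
    d = private_exponent(11, 13, 2)
    c = encrypt(5, 11, 26)
    print("d =", d, "ciphertext =", c, "decrypted =", decrypt(c, d, 26))
    print("failures for (3, 26, 77):", len(roundtrip_failures(3, 26, 77)))
    print("messages encrypting to 1:", colliding_messages(3, 77)[1])
```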
